# 1 账户策略
# 1.1 密码策略
# 1.2 账户锁定策略
function Test-PasswordPolicy {
    param(
        [string]$keyword,
        [string]$operator1,
        [string]$value1,
        [string]$operator2,
        [string]$value2
    )

    $passwordPolicy = Get-Content "$PolicyFilePath" | Select-String "$keyword = (.*)" -AllMatches
    $policyValue = $passwordPolicy | ForEach-Object { $_.Matches.Groups[1].Value.Trim('"') }
    
    # Write-Host $policyValue
    # write-host $value1

    if ($operator1 -eq "eq" -and $policyValue -eq $value1) {
        $global:result = 0
    } elseif ($operator1 -eq "lt" -and $policyValue -lt $value1) {
        $global:result = 0
    } elseif ($operator1 -eq "gt" -and $policyValue -gt $value1) {
        $global:result = 0
    } elseif ($operator1 -eq "le" -and $policyValue -le $value1) {
        $global:result = 0
    } elseif ($operator1 -eq "ge" -and $policyValue -ge $value1) {
        $global:result = 0  
    } elseif ($operator1 -eq "ne" -and $policyValue -ne $value1) {
        $global:result = 0 
    } elseif ($operator1 -eq "lt" -and $operator2 -eq "gt" -and $policyValue -lt $value1 -and $policyValue -gt $value2) {
        $global:result = 0      
    } else {
        $global:result = 1
    }
}



#2 本地策略
#2.1 审计政策
#2.2 用户权限分配
function Test-UserRightsAssignment {
    param(
        [string]$keyword,
        [string[]]$requiredSIDs
    )

    $securityPolicy = Get-Content "$PolicyFilePath" | Select-String "$keyword = (.*)" | ForEach-Object { $_.Matches.Groups[1].Value.Trim() -split ',' }
    if ($securityPolicy -is [string]) {
        $securityPolicy = @($securityPolicy)
    }
    # write-host $securityPolicy
    # write-host $securityPolicy.Length
    # write-host $requiredSIDs
    # write-host $requiredSIDs.Length
    
    
    if ($securityPolicy.Length -eq $requiredSIDs.Length) {
        $global:result = 0
    } else {
        $global:result = 1
    }
}

# 2.3 安全选项
# 2.3.1 账户
function Test-AccountSecurityOption {
    param(
        [string]$keyword,
        [string]$expectedValue,
        [string]$expectedValue1,
        [string]$expectedValue2,
        [string]$expectedValue3,
        [string]$expectedValue4
    )

    # $securityPolicy = Get-Content -Path $PolicyFilePath | Select-String "$keyword="
    # $actualValue = ($securityPolicy -split '=|,')[2] -as [int]
    $securityPolicy = Get-Content -Path $PolicyFilePath | Select-String "$keyword="
    $actualValue = $securityPolicy -match "$keyword=(.+)" | Out-Null
    $actualValue = $Matches[1] -replace '[",]', ''

    # write-host "actualValue:$actualValue  expectedValue:$expectedValue expectedValue1:$expectedValue1 expectedValue2:$expectedValue2 expectedValue3:$expectedValue3 expectedValue4:$expectedValue4"

    if ($actualValue -eq $expectedValue) {
        # write-host s1
        $global:result = 0
    } elseif ($actualValue -eq "") {
        $global:result = 1    
    } elseif ($actualValue -le $expectedValue1 -and $actualValue -gt 0) {
        $global:result = 0
    } elseif ($actualValue -le $expectedValue2 -and $actualValue -gt 45){
        $global:result = 0
    } elseif ($actualValue -eq $expectedValue3 -or $actualValue -eq 7  ){
        $global:result = 0  
    } else {
        $global:result = 1
    }
}



function Test-NonEmptyValue  {
    param(
        [string]$keyword,
        [string]$expectedValue
    )

    $securityPolicy = Get-Content -Path $PolicyFilePath | Select-String "$keyword="
    $actualValue = ($securityPolicy -split '=|,')[2] 
    
    # write-host "actualValue:$actualValue  expectedValue:$expectedValue"
   
    if ($actualValue -ne $null -and $actualValue -ne "" -and $actualValue -ne '""') {
        $global:result = 0
    } else {
        $global:result = 1
    }
}

function Test-EmptyValue  {
    param(
        [string]$keyword
    )

    $securityPolicy = Get-Content -Path $PolicyFilePath | Select-String "$keyword"
    
    # write-host "securityPolicy:$securityPolicy"
   
    if ($securityPolicy -ne $null -and $securityPolicy -ne "") {
        $global:result = 0
    } else {
        $global:result = 1
    }
}

function Test-AccountSecurityOption_or  {
    param(
        [string]$keyword,
        [string]$expectedValue
    )

    $securityPolicy = Get-Content -Path $PolicyFilePath | Select-String "$keyword="
    $actualValue = $securityPolicy -match "$keyword=(.+)" | Out-Null
    $actualValue = $Matches[1] -replace '[",]', ''
    
    # write-host "actualValue:$actualValue  expectedValue:$expectedValue"
   
    if ($actualValue -eq 41 -or $actualValue -eq 42) {
        $global:result = 0
    } else {
        $global:result = 1
    }
}

#防火墙所用函数
function Test-regedit {
    param(
        [string]$registryPath,
        [string]$keyword,
        [string]$expectedValue,
        [string]$expectedValue1
    )

    $actualValue = (Get-ItemProperty -Path $registryPath).$keyword 2> $null
    
    # write-host  actualValue:$actualValue expectedValue:$expectedValue expectedValue1:$expectedValue1
    if ($actualValue -eq $expectedValue) {
        $global:result = 0
    } elseif ($actualValue -ge $expectedValue1 -and $expectedValue1 -ne "") {
        $global:result = 0    
    } else {
        $global:result = 1
    }
}

































